package com.xpro.configuration;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Created by L on 2016/05/19.
 */
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().antMatchers("/").permitAll().and()
        // this should be deleted on production
        .authorizeRequests().antMatchers("/console/**").permitAll();
        // this should be deleted on production
        httpSecurity.csrf().disable();
        httpSecurity.headers().frameOptions().disable();
    }
}
